I have a server that was set up by an admin who is no longer around, which leaves the rest of us normal users stumbling in the dark. The machine uses CentOS 7, and the admin seems to have made security primarily go through iptables (though I understand that firewalld would normally be the default). I was attempting to add a rule to iptables, which ended up backfiring on me in a fantastic way. I was following a walkthrough for CentOS 6, and here is where things blew up:

Before inputting these commands, I verified that iptables -L and /etc/sysconfig/iptables had the same rules (the admin had apparently done something that causes a discrepancy between the two when the machine first boots, so I usually need to reset some services before the machine is functional). My expectation was that the iptables command would ADD one new rule to the pre-existing set of rules and then save that. What ACTUALLY happened was that this command deleted ALL the other rules and saved just this single rule. I have the output of iptables -L saved from just before running that command. It's mostly default rules, with the exception of opening a few ports (ssh, http, https, and msgsrvr) plus a rule for fail2ban. However, now I have no idea what went wrong and how I'm supposed to actually ADD rules instead of replacing them.

When you stopped the iptables service, all the netfilter tables were flushed. Then you added your new rule, which was at that point the only rule in iptables. After this, you saved this as your new configuration. You need to restore /etc/sysconfig/iptables from some backup and add your new rules without stopping the iptables service, and then save it again.

Maybe the confusion comes from the fact that everybody talks about the iptables service, the firewalld service... when actually there is no service at all. There are just (kernel) netfilter tables. When you stop this "service", the tables are flushed. When you start it, the rules are inserted by iptables. Nothing more, nothing less. The firewalld service generates some chains on its own, so it is easier to manage and actually has a Python daemon, but it basically works the same way... the kernel does all the work, everything else is there just to manage it.
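A check for the saved-versus-live discrepancy the question mentions, as an added example that is not part of the original answer: it compares two files in iptables-save format (the format of /etc/sysconfig/iptables and of `iptables-save` output) and lists rules present in one but not the other, using constructed sample rules rather than a real host's ruleset.

```shell
#!/bin/sh
# Added example, not from the original question or answer. Compares the rules
# in the saved file (/etc/sysconfig/iptables) with a live dump (iptables-save)
# so a discrepancy is caught before "service iptables save" overwrites the file.
# Both inputs are assumed to be in iptables-save format.

# Print the "-A ..." rule lines of one table, sorted for comparison.
rules_in() {                     # usage: rules_in FILE TABLE
    awk -v want="*$2" '
        $0 == want        { inside = 1; next }
        /^\*/             { inside = 0 }
        inside && /^-A /  { print }
    ' "$1" | sort
}

# Print rules of TABLE that are in FILE1 but not in FILE2 (one per line).
missing_rules() {                # usage: missing_rules FILE1 FILE2 TABLE
    tmp=$(mktemp) || return 1
    rules_in "$2" "$3" > "$tmp"
    rules_in "$1" "$3" | grep -vxF -f "$tmp" || true
    rm -f "$tmp"
}

# Succeed only when FILE1 and FILE2 hold the same set of rules for TABLE.
ruleset_matches() {              # usage: ruleset_matches FILE1 FILE2 TABLE
    [ -z "$(missing_rules "$1" "$2" "$3")" ] &&
    [ -z "$(missing_rules "$2" "$1" "$3")" ]
}

# Constructed sample data standing in for the saved file and a live dump:
# the live dump carries an extra ssh rule that was never saved to the file.
SAVED_SAMPLE=$(mktemp); LIVE_SAMPLE=$(mktemp)
cat > "$SAVED_SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
cat > "$LIVE_SAMPLE" <<'EOF'
# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

# On a real host (as root): iptables-save > /tmp/live.rules, then
#   ruleset_matches /tmp/live.rules /etc/sysconfig/iptables filter
echo "Rules live but not saved:"; missing_rules "$LIVE_SAMPLE" "$SAVED_SAMPLE" filter
```

Run the comparison before adding a rule (so you know the file and kernel agree) and again after `iptables -I ...` plus `service iptables save`, when the two should match.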

The server had some hardware issues, so it took a little while to get it running again. There were also other steps missing from the guide I was following. However, the pointers here saved me some time debugging the guide.